1. Field of Art
The present invention generally relates to managing communication between devices, and more specifically, to provisioning a portable device for secure communication.
2. Description of the Related Art
Portable devices such as smartphones, cellular phones, and personal digital assistants (PDA) are becoming more powerful and functional devices. This has caused increasing reliance on portable devices as a primary method of communication. For example, many users routinely use portable devices to monitor electronic mail, manage appointments, maintain a contact list, maintain a task list or perform numerous other activities. Because of the portability of mobile computing devices, they allow users to rapidly modify and access information from various locations.
To perform many of these tasks, portable devices need to connect to one or more servers, such as a mail server, to transmit and receive data. However, many of these servers are secured by firewalls, proxy servers or other mechanisms that limit access to the server to selected portable devices. For example, only users employed by a certain company are able to access the company's mail server or other servers.
Many servers use either a shared secret or a signed certificate to regulate the ability of portable devices to access the server. If a shared secret is used, the secret should be unique to each client and include a large random key for security. Alternatively the server can create a signed certificate for each portable device that is used to access the server along with a private key associated with the signed certificate. However, the server must securely communicate the private key to the portable device to prevent other devices from intercepting the key and being able to use the associated certificate to access the server. One way to communicate the certificate and associated private key is by using a temporary key to encrypt data communication between server and portable device.
In any of those cases, the portable device must have access to some initial key before gaining access to the server. Conventionally, many servers generate a random key that is used to encrypt a communication channel between the server and the portable device. The certificate or trusted certificate is then communicated form server to portable device using the encrypted channel. However, both the server and the portable device must locally store the key to encrypt the channel, so the key needs to be communicated from server to portable device before being used to encrypt the channel. Conventionally, the portable device must be physically connected to the server using a network cable, USB connection or other physical connector so the key can be transmitted to the portable device without being intercepted or modified. Alternatively, a portable device user must manually enter the key, which is often a long string of data, such as an alphanumeric or a numeric string. These conventional methods either require the portable device to be in close physical proximity to the server to be physically connected or require a user to manually input a long string of data, making key entry cumbersome and subject to errors caused by incorrect data entry.